Visa Pay

Visa Pay API supports basic authentication and OpenID methods for secure API access. Choose the method that best fits your integration requirements.

Visa Pay API gives you two ways to prove who you are when using the API safely. The choice depends on your setup and what you need.

Before setting up authentication, make sure you have finished Control Center setup and have access to your Organization and Program IDs.

Basic authentication lets servers talk to each other using server login information. This method is simple to set up for direct API access.

• You need simple server-to-server communication
• Your application needs direct API access
• You want simple login-based authentication

Set up basic authentication to secure your Visa Pay API access using server login information for direct server-to-server communication.

Basic Authentication only works in the Sandbox environment.

Refer to Basic authentication with client credentials for more information.

OpenID authentication uses JWT tokens. This method gives you better security through token-based authentication and works well for applications that need OpenID Connect compliance.

• Your application requires OAuth2 compliance
• You need enhanced security through JWT token validation
• Your integration supports modern authentication standards

OpenID Connect for Servers is the preferred way to authenticate with the Pismo platform. It gives better security in service communications than basic authentication using client login information. Also, OpenID Connect supports multi-tenancy. This means that clients can give third-party access to only a specific set of endpoints within your organization.

For the Production environment, OpenID authentication is required, but can also be used for the Sandbox environment.

Refer to Authentication with OpenID for more information.